
Thread: Core Internet technology found vulnerable

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018

    Core Internet technology found vulnerable

    Anybody seen this yet?

    http://msnbc.msn.com/id/4788445/

    Watson, who runs the www.terrorist.net Web site, predicted that hackers will understand how to begin launching attacks "within five minutes of walking out of that meeting."

    I'm coming up with nada....

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Hmmm, I smell the distinct stench of BS. Here's why:

    The idea of taking down the internet's core routers has been around forever. In fact, known BGP vulnerabilities have existed for years. Also, the less technical and probably more effective way to knock out a large section of the internet is to simply destroy the physical location where the routers are housed. I happen to know of one location on the east coast where it would be very easy to plow a truck through a building where one of these core routers is located.

    Giving this guy credit for reading an RFC and then saying that he has discovered this core weakness is BS. Even better, Amit Yoran, who I think is a clown, wouldn't know a vulnerability if it jumped up and bit him in the ass. He is a DHS front man, nothing more.

    OK, rant over.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    This isn't a BGP vulnerability, thehorse, this is a TCP vulnerability. Advisory here.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Yes, I understand that. However, it's not as simple as just a TCP issue. My point is that before any of this came along, there were other ways to take down the internet.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Yeah, same stuff.

    In short, it's a way of resetting TCP sessions. In most applications (where TCP sessions are relatively short) this isn't really frightening. However, applications that depend on one continuous TCP session are in trouble. That's how I read it, but I could be wrong - I'm no TCP/IP whiz.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  6. #6
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    Yahoo also has an article that’s high in bs but low on details.
    http://story.news.yahoo.com/news?tmp...nternet_threat

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Hoss is pretty much right here.... (Sorry Hoss, don't mean to go giving you a good rep), but there are a lot of ways to bring down the internet... The cleanest and easiest has always been the root servers.... kill them and you kill the internet for anyone that doesn't know the IP address of the place you are trying to contact. It's been tried a few times.... IIRC the best attempt brought down 3 of the 17, degraded another 4 and couldn't touch the remaining 10, that's less than 50% success in the attack but the overall effect was much less mainly due to lower level servers caching a lot of stuff that they didn't used to and the fact that the attacker has to maintain the attack for a long period - the longer the attack is required to be in place the more time defenders have to mitigate it......

    This attack, mainly successful against BGP, is a little different insofar as it requires the initial shutdown of the protocol while it rebuilds the routing tables and the routes "settle". Once that has occurred it either has to be re-attacked, (mitigatable if you keep attacking from the same locations), or constantly attacked to keep the routing tables from being created, (also easily mitigatable). The solution is to make single, coordinated attacks from ever changing IP's, in order or spoof the addresses of the attacker. Ever changing IP's is harder to mitigate especially if the originating IP is spoofing too - but it's trackable over time and requires a large infrastructure on the attacker's part. Simple spoofing from constant IP's, (less burden on the attacker), is relatively easily mitigatable too with upstream ACL's applied.

    People who come up with exploits are excited about them, they see the potential for "huge" disruption easily - they tend to "overlook" the potential burden on the attacker or the relative ease of mitigation in the real world because it detracts from their discovery.

    I don't think that this particular exploit will go much further, (if as far as), the root server attack that did relatively little harm.... The defenders of the "key points" are pretty good too you know.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Thanks all... I wonder if people at MSN ever research these stories before they throw them out like that... they are beginning to disappoint me.

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Posts
    101
    Slashdot has this as well as a link to the actual write up for the vuln.

    http://www.uniras.gov.uk/vuls/2004/236929/index.htm

    http://www.slashdot.org
    chown -r us ./bases

  10. #10
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    The good folks at SANS also have a writeup on the vulnerability, along with an announcement from Cisco that there is a DOS vulnerability in SNMP processing. I have seen some interesting (bad) things happen when BGP routes start flapping all around the internet, and given that tools have been seen in the wild, only a matter of time before some kidiot does something nasty...

    /nebulus (late to the game as usual)
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
